Are there any security benefits to using PDO::query vs. mysql_query?
Question
I'm looking to refactor some legacy PHP code, and I know that PDO is more secure with the addition of prepared statements and such, but I am wondering if there are any security benefits of using the PDO::query() method vs. the mysql_query() method. Are there?
Recommended answer
Short of a bug in PDO or mysql_*, the security issues with database queries are dependent on the query being run, not what is used to connect to the database.
If you create an insecure query with userdata and execute it with PDO::query(), it is just as insecure as it is with mysql_query(). Likewise, if you have a secure query, running it with PDO::query() is effectively the same as with mysql_query().
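The point of the answer above, as an added example that is not part of the original question or answer: the same lookup run through PDO::query() with concatenated input, through PDO::query() with the value quoted first, and through a prepared statement. It assumes the pdo_sqlite extension is available; the `users` table, its rows, the input strings and the `lookup*` function names are constructed for illustration.

```php
<?php
// Added example. Assumes pdo_sqlite; the table, rows and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed values standing in for an untrusted request parameter.
$inputs = ['alice', "nobody' OR '1'='1"];

// Insecure: user data is concatenated into the SQL text, then run via PDO::query().
function lookupConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Secure, still PDO::query(): the value is quoted for this driver before use.
function lookupQuoted(PDO $pdo, string $name): array
{
    $sql = 'SELECT name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Secure: the value is bound as a parameter and is never parsed as SQL.
function lookupPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare row counts: the concatenated form matches every row for the second input.
foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  query() + concatenation: %d row(s)\n", count(lookupConcatenated($pdo, $input)));
    printf("  query() + PDO::quote():  %d row(s)\n", count(lookupQuoted($pdo, $input)));
    printf("  prepare() + execute():   %d row(s)\n", count(lookupPrepared($pdo, $input)));
}
```

When refactoring, the fix is moving each query that takes user data to the bound-parameter form; replacing mysql_query() calls with PDO::query() one for one leaves the concatenated queries as they were.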